Firepower Cloud Connection Issues

vpresogna
Level 1

This is an odd one. From the SFR console I can ping intelligence.sourcefire.com, and nslookup works as well, but when I try telnet I get this:

Failed to connect to intelligence.sourcefire.com port 443: No route to host

When I try this command found in this document, sudo curl -vvk https://intelligence.sourcefire.com, I get this:

Cisco Fire Linux OS v6.2.0 (build 42)
Cisco ASA5508 v6.2.0.1 (build 59)

> expert
admin@firepower:~$ sudo curl -vvk https://intelligence.sourcefire.com
Password:
* Rebuilt URL to: https://intelligence.sourcefire.com/
*   Trying 198.148.79.58...
*   Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* connect to 198.148.79.58 port 443 failed: No route to host
*   Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
*   Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* Failed to connect to intelligence.sourcefire.com port 443: No route to host
* Closing connection 0
curl: (7) Failed to connect to intelligence.sourcefire.com port 443: No route to host

Any idea what's going on would be most appreciated.

Thanks

Accepted Solutions

I figured it out. The gateway was incorrect on the SFR module.

Marvin Rhoads
Hall of Fame

Is there perhaps WCCP or some sort of a web proxy server in your environment?

No WCCP or web proxies in my environment. Just an ASA 5508 with the SFR module.

Veronika Klauzova
Cisco Employee

Hello,

Per the outputs, it looks to me that the device is trying to communicate over IPv6, which will fail. Could you re-run the test and force curl to use only IPv4? Would the results be the same?

Command that will force curl to use only the IPv4 stack:

curl -vvk https://intelligence.sourcefire.com -4

Best regards,

Veronika
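
Added example, not part of any post in this thread and not a Cisco tool: a small parser that separates the IPv6 failures from the IPv4 failure in `curl -v` output, which is the distinction the reply above is drawing. The sample input is an excerpt of the output posted earlier in the thread; the hint text attached to each error is a general Linux heuristic and an assumption, not a diagnosis from the page.

```python
import ipaddress
import re

# Heuristic meaning of Linux connect() errors as curl -v prints them (assumption).
HINTS = {
    "Network is unreachable": "no local route for this address family",
    "No route to host": "next hop unreachable: check gateway/ARP, or ICMP reject on path",
    "Connection refused": "host reached, port closed or rejected",
    "Connection timed out": "packets dropped silently on the path",
}

FAIL_RE = re.compile(
    r"^\*\s+(?:connect to (\S+) port \d+ failed|Immediate connect fail for (\S+)): (.+)$"
)

# Excerpt of the curl output posted in the thread (repeated IPv6 retries trimmed).
SAMPLE = """\
*   Trying 198.148.79.58...
*   Trying 2620:28:c000:0:aba:ca:daba:58...
* Immediate connect fail for 2620:28:c000:0:aba:ca:daba:58: Network is unreachable
* connect to 198.148.79.58 port 443 failed: No route to host
* Failed to connect to intelligence.sourcefire.com port 443: No route to host
"""

def failures_by_family(curl_verbose):
    """Return {4: {(addr, error)}, 6: {...}} from curl -v connect failures."""
    found = {4: set(), 6: set()}
    for line in curl_verbose.splitlines():
        m = FAIL_RE.match(line.strip())
        if not m:
            continue  # "Trying ..." and the final hostname summary are skipped
        addr = m.group(1) or m.group(2)
        try:
            version = ipaddress.ip_address(addr).version
        except ValueError:
            continue  # not an IP literal, so no address family to assign
        found[version].add((addr, m.group(3).strip()))
    return found

def report(curl_verbose):
    """One line per failed address: family, address, error, likely layer."""
    out = []
    for version, items in sorted(failures_by_family(curl_verbose).items()):
        for addr, err in sorted(items):
            out.append(f"IPv{version} {addr}: {err} -> {HINTS.get(err, 'unclassified')}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On the sample, the IPv6 attempts fail immediately for lack of any IPv6 route, while the IPv4 attempt fails separately with "No route to host", so forcing IPv4 with `-4` removes the first class of messages but not the second.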

Same error

* Rebuilt URL to: https://intelligence.sourcefire.com/
*   Trying 198.148.79.58...
* connect to 198.148.79.58 port 443 failed: No route to host
* Failed to connect to intelligence.sourcefire.com port 443: No route to host
* Closing connection 0
curl: (7) Failed to connect to intelligence.sourcefire.com port 443: No route to host

Still looks like a proxy on the path. Could you run a packet capture in one CLI session on the FMC and the curl query in another?

First, I would suggest running the following capture and then making the request using curl:

tcpdump  -i eth0 port 443 and host intelligence.sourcefire.com

In case you don't see any output:

tcpdump  -i eth0 port 443 and host <IP address of intelligence server taken from nslookup>

If there is any output, please re-run the capture and write it to a file using the additional parameter -w /var/tmp/pcap1.pcap and upload it here for our review.

Also, please examine the /var/log/messages file on the FMC to see whether there are any timeouts.

Keep us posted,

Veronika

OK, I have the pcap file, but how do I get it off of the SFR?

I figured it out. The gateway was incorrect on the SFR module.
